Before and after: how a French local authority brought MFA and SSO to every access path, without leaving its on-premise Active Directory
A French local authority runs its identity infrastructure the way a great many public bodies do: an on-premise Active Directory at the centre, and a workforce of more than a thousand staff authenticating against it. What sat on top of that directory, however, had grown …
Combining Smartcard and FIDO2 at Windows logon, even offline
A regional public-sector organisation in Europe came to us with a Windows estate that was already secured by smartcard logon. Its users carry smartcards, and some of them log in where there is no network: laptops that leave the building and spend hours with no …
VPN, bastions, servers: how a European data center applies MFA for every client
A provider that hosts other companies’ infrastructure does not have one set of users to protect. It has dozens, each belonging to a different organization, and each expecting that its identities, its policies and its administrators stay strictly separate from everyone else’s. Adding multi-factor authentication …
When your identity provider’s renewal pricing skyrockets: switching to an on-premise alternative at a third of the cost
There is a moment many IT teams will recognise. The renewal notice for your cloud identity platform arrives, and the number on it bears no relation to what you signed three years ago. You built your entire authentication layer on this service. Every VPN, every …
On-premise identity resilience without giving up sovereignty: an alternative to Entra ID
Many organisations run their whole identity layer from a single site. Active Directory sits on-premise, a federation layer in front of it authenticates dozens of downstream applications, and remote access rides on the same chain. It works, until the site does not. A power, network …
How a European bank built its PSD2 strong authentication on its own identity foundation
A bank that sets out to add strong customer authentication usually expects the hard part to be the authentication itself: which factors to combine, which app to roll out, how to clear the regulator’s bar. The harder question often sits one step earlier. Where do …
On-Premise MFA and SSO Without Writing to Active Directory
If you run an on-premise Active Directory, a couple of hundred internal applications, and a security team that will not let any new tool write into AD or turn the directory into an application database, most modern identity platforms will gently explain that this is …